500 data breaches at Sandwell Council in past five years

Almost 500 data breaches have occurred at Sandwell Council in the past five years, the Express & Star can reveal.

Subscribe to our daily newsletter

Sandwell Council house in Oldbury

Sensitive information was either stolen, lost or incorrectly disclosed.

In some cases, people's names and addresses were unintentionally shared.

A council spokesman said staff have been advised on the 'importance of data protection'.

But Sandwell classed all 499 data breaches since 2014 as 'low level' incidents. Most of them took place within the council.

As a result, the local authority has not been punished with any fines - which councils can face in these circumstances.

The figures were revealed following a Freedom Of Information request by the Express & Star.

The findings show that 100 data breaches have occurred every year - or one every four days.

Councillor Steve Trow, cabinet member for culture and core council services, said: “The majority of these minor data breaches have occurred in cases where data is being transferred internally between council departments, rather than to outside organisations.

Advertising

“These low-level data breaches will occasionally have included the unintentional sharing of, for example, a name or address.

“None of the breaches met the threshold requiring referral to the Information Commissioner.

“The council takes action in respect of every breach, however minor, and can in many cases recover the data immediately.

"It must be remembered that the council handles thousands of pieces of data every single day."

Advertising

In its FoI response, Sandwell said some data breaches occurred to due 'theft, loss of files and disclosure by staff members'.

Other breaches involved staff accidentally sending emails or paperwork to the wrong people.

But Sandwell's spokesman said the council is constantly reviewing its 'information governance arrangements'.

"This includes the provision of enhanced advice, support and training to council departments to ensure that staff fully appreciate the importance of data protection in the context of legislative requirements," the spokesman said.